Epsilon security breach exposes thousands of email addresses

(Read caption)
Epsilon, a marketing service firm, had its email database hacked open on March 30. Among the affected clients are Best Buy.

View photo

Epsilon, a marketing services firm based in Dallas, has warned clients that a massive breach in an email database may have exposed the names and emails of thousands of users. Among the affected clients are Best Buy, Capital One, RitzCarlton Rewards, JPMorgan Chase, Capital One and Citi. Epsilon maintained that no financial information – credit card numbers, for instance – has been revealed.

"A rigorous assessment determined that no other personal identifiable information associated with those names was at risk," reps for Epsilon wrote today. "A full investigation is currently underway." The press release identifies the date of the breach as March 30; the hacker apparently managed to bust through a hole in Epsilon's email system, and siphon out a whole lot of information.

So how bad is it? Over at the site of security firm Sophos, Paul Ducklin reiterates that "only names and email addresses were spilled, which is moderately comforting." Still, he cautions affected users to keep up their guard.

"[L]osing your email address to scammers and spammers is likely to mean a surge in spam to your account," Ducklin writes. "Also, losing your email address via a service to which you already belong makes it much easier for scammers to hit you with emails which match your existing interests, at least loosely. That, in turn, can make their fraudulent correspondence seem more believable."

Security Week has compiled a full list of the brands that do business with Epsilon. Check that out here. Also, make sure to take a look at this Monitor article on avoiding phishing and malware attacks. In the meantime, if you haven't done so already, sign up for the free Innovation newsletter, which is emailed out every Wednesday morning.